Malicious files have long been a problem in computing, and that problem only continues to grow. Constant internet connectivity and a plethora of file transfer devices create ever more opportunities for malicious files to find their way to users' computers.
Some traditional anti-malware systems keep signature databases of all known malware variants, but as the number of these variants increases, these databases grow to unwieldy sizes. In order to relieve client systems of the burden of storing and updating large anti-malware databases, some traditional anti-malware systems may use cloud-based malware lookups. For example, some traditional anti-malware systems may compute full file hashes to match against cloud-based malware databases. Unfortunately, these traditional anti-malware systems may require that computationally expensive full-file hashes be computed for each file on a client system before that file can be looked up in the cloud database. This additional computational burden may slow down the client, reducing the benefit of hosting the fingerprints in a cloud-based database. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for detecting malicious files.